Martin Schmiedecker writes: > Hi all! > > We got a paper accepted at an workshop at the upcoming WWW'16 > conference, which might be of interest for you. It's about our platform > tlscompare.org, where we tried to make it easy to evaluate rules and > rule candidates for HTTPS Everywhere. > > You can find a preprint here: > https://www.sba-research.org/wp-content/uploads/publications/crowdsourcing_preprint.pdf
Thanks for doing this research, it's very interesting! One problem I've seen reported many times with HTTPS Everywhere rules is that a site will appear to work in HTTPS but particular functionality within the site will be broken -- for example, a form submission doesn't work because of a circular redirect, or video doesn't play back because of a Flash cross-domain policy rule, or particular dynamic pages (especially those that use third-party content) are broken because of mixed-content blocking. Other people on this list have probably experienced other reasons why a site can be partially broken. I wonder if it's possible to extend your research to detect some of these cases. A particular challenge for crowdsourcing in this context is that many sites require a login and so only people with an account can really test them effectively (or, the site behaves very differently for people who are logged in and people who aren't, or the site attempts to limit HTTPS access to logged-in users). Occasionally people have submitted rules to HTTPS Everywhere that rewrote an entire domain because the homepage loaded corectly in HTTPS, but then users who tried to log in found that post-login functionality broke, which perhaps the original submitter hadn't even been able to test. -- Seth Schoen <[email protected]> Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 _______________________________________________ HTTPS-Everywhere mailing list [email protected] https://lists.eff.org/mailman/listinfo/https-everywhere
